Current axios version contains CSRF vulnerability. #3369
Labels
possible bug
Stage1
just created by someone new to the project, we don't know yet if it deserves an implementation / a f
Versions
Detailed description of a problem
Wanted to get this out as I haven't seen any issue posts about this recently.
When installing mineflayer using npm, npm states that it found 5 vulnerabilities after install. Upon entering
npm audit
it appears that the current version of the library Axios contains a Cross-Site Request Forgery vulnerability which is detailed in the links below. I should note it has now been patched in any version beyond 1.6.0. Current Axios version used by mineflayer is 0.21.4.Additional context
The versions of axios affected are any below 1.6.0. Also using npm audit fix with or without --force doesn't fix the issue.
The text was updated successfully, but these errors were encountered: